Job Purpose

• To provide identification, authentication, and authorization services to SARS users as directed within the existing information security policies and contracted SLA’s. The specific role includes the creation of RACF profiles, which facilitate access to the mainframe applications. The role entails the effective design and implementation of security on SARS’ Mainframe systems. This is mainly in the realm of Mainframe user account administration and lifecycle management using IBM’s Resource Access Control Facility (RACF), also known as the z/OS Security Server.

Education and Experience

Minimum Qualification & Experience Required

• Bachelor’s Degree in Information Technology / Advanced Diploma Information Technology (NQF 7) AND 5-7 years’ experience in Information Security , of which 2-3 years ideally at functional specialist level.
• Senior Certificate (NQF 4) AND 10 years’ Information Security experience.

Job Outputs:

Process

• Configuration, administration, of the IAM infrastructure (IBM RACF (Vanguard), SAP (GRC), in area of responsibility according to set standards to ensure 24X7 operations.
• Provisioning of end-to-end user and administrative account identification services by the creation, termination suspension and re-activation of user access accounts across multiple access control technologies (SAP, Mainframe).
• Provisioning of end-to-end user and administrative account authentication services by supporting user password creation, resets and password-self-service technologies across multiple access control technologies (SAP, Mainframe).
• Giving input to risk management principles through risk assessments, risk mitigation proposals, and inputs on various forums including but not limited to change/release management processes, projects, governance initiatives, audit requirements, vulnerability assessments and other processes.
• To design and develop reports that will provide visibility to line managers in order to manage any risks within their respective areas relating to fraud, prevention of fraud and access to information.
• To provide input to current/new IT Security strategies, architectures, policies, standard, procedures, SOPs, user training material and guides or other organisational policies which influences IT security to align with business and audit requirements relating to the prevention of fraud or access to information.
• To report on performance of team, status updates on outstanding tasks, escalation of high impact risks.
• Develop and maintain productive working relationships with peers, SARS role players and third parties to achieve predefined objectives.
• Execute specialist input through investigation &opportunities within the product process including risk concern.
• Provide specialist input through the investigation of opportunities for operational and process product and risk optimisation.
• Correctly apply policies, practices, standards, procedures and legislation in the delivery of work outputs.
• Draw on own knowledge and experience to diagnose symptoms, causes and possible effects to solve emerging problems.
• Initiate process and procedural change, also implement the change and provide guidelines and support related to new requirements as a result of the change.